Posted by samzenpus on Monday November 11, 2013 @12:09PM from the click-here-if-you-want-air dept.

DavidGilbert99 writes "Nowhere is safe. Even in the cold expanse of space, computer malware manages to find a way. According to Russian security expert Eugene Kaspersky, the SCADA systems on board the International Space Station have been infected by malware which was carried into space on USB sticks by Russian astronauts."

More seriously... those SCADA systems control life support. That's a problem if you're one of those types of people that would rather go on sucking nitrogen/oxygen mixtures instead of vacuum up there. Now, I'm pretty sure that unlike in the movies there's no computer control that lets them just vent all the atmosphere into space in a few seconds, but if those systems were programmed to damage the ISS, it might force it to be abandoned. That would be bad... especially if it de-orbited suddenly. That's a very, very big thing to be coming down to Earth, and it wouldn't break apart in a tight pattern either.

The actual critical systems on ISS are heavily custom, up to and including using participants' own CPU designs (ESA's Leon is powering the redundant DMS-R computers, I believe). I'm not sure how you would go about "randomly" infecting such a system.

When you see "Russian", "USB key", "malware" and "SCADA" in a sentence you should automatically think Stuxnet, which TFA talks about at length. Stuxnet, happily, only attacks centrifuges, and is generally very sophisticated about staying out of the way. The chances of any complications happening spontaneously are somewhere between "Hollywood movie plot" and "political promise."

Stuxnet was delivered to Iran by slipping it onto the equipment of the Russian contractors building the nuclear plant.

Gauss was discovered in Lebanon and appears to have been built with the same toolkit, not reverse-engineered, suggesting the Israelis were responsible for its release. The other known variant, Flame, is also not found anywhere near Russia [wired.com], and was also cut from the same cloth and targeted at Iran.

Not subtle enough. All you really need to do is drop the O2 Concentration by 2-3 percent while allowing CO2 to increase. Astronauts then make mistake that

Stop. Please. There are independently-alarmed sensors on the ISS in each compartment that check oxygen and CO2 levels, and there are emergency scrubbers present. All they need to do is go to the storage compartment, pull out the cylinder, twist, and let it float there. It will, via chemical reaction, eat up several days' worth of CO2. And these people are given oxygen-deprivation training prior to assignment; they're professionals. They will realize the problem even without all those safeguards.

The risk is not to the people, the risk is to the equipment -- those SCADA systems control much of the automated systems on board, including thrusters that control yaw, roll, solar panel angles, etc. If you fuck with those, you could, say, twist up the solar panels like a cork and snap lines. You could disable the stabilization gyros and send the thing into a spin. Or you could just disable them at a key moment and allow the ISS to hit space debris -- it needs to adjust its orbit on an irregular basis for just this reason. Even just tilting it so it's broadside with the sun and then disabling everything would be enough to bring it down in a few months if control couldn't be re-established... difficult if the thrusters were set to a mode where they burn fuel off as fast as possible at opposing points across the central axis, for example.

No country down here has the ability to rapidly build, assemble, transport, and launch required repair supplies in time to salvage it if someone were to do this. The ISS would de-orbit. But the risk to the astronauts' lives? Low. Risk of damage to property on the ground? Middleish; the world still is mostly ocean after all.

Wait, are you saying that a computer virus can't stop lithium hydroxide from chemically absorbing CO2? What a shitty virus.

No, but I can write one that hacks the SCADA systems into overvolting multiple systems and starting dozens of fires in the ISS, creating a choking, venomous fume that forces everyone into the escape pod and ejects... and then deorbit the damn thing into the nearest populated continent.

That's the concern here. It's not the lives up there we're worried about. It's the ones down here if someone decides to turn the ISS into a few hundred tons of flaming death from the sky... though it's more likely it would sim

The ISS is nothing more than a thinly veiled weapons platform cloaked as a space station. Rods from God is the ultimate weapon, inflicting nuclear scale devastation without the pesky fallout. Within our lifetimes expect to see an attack launched and the USA will claim that they had no part in it, when in reality they will be the instigating party with plausible deniability.

Why would the Rods from God [popsci.com] project require a manned platform? Especially an international crew that would be likely to discover the device and report it back to their own respective countries?

The claim that NSA was spying on everyone was believable. In fact, I had sort of expected that happening. On the other hand, the claim that these "rods from god" can violate fundamental laws of physics, including the law of conservation of energy, to achieve "nuclear scale devastation", smells not only of thinking patterns of a conspiracy theorist but rather of sheer lunacy (or lack of high school education, or both).

If a guy on the street was screaming that the NSA was tapping the phones of world leaders, we would have called him crazy. The fact that it later came out that the NSA was tapping the phones of world leaders doesn't retroactively make that person not crazy. Or was your point "Yes, I may be crazy, but sometimes crazy people are coincidentally correct!" I'm sure there are paranoid schizophrenic people that are right now being investigated by the FBI -- but they are still paranoid schizophrenic.

To geeks it sounds like an uninformed attack on linux's security, but I think what the author means to say is "these are not proprietary custom-designed systems, but are based on a common Earthly operating system and thus may have known vulnerabilities."

If the author of the comments were as unbiased as you it might indeed mean that.

However, he makes money telling Windows users they will be safe if they remember to pay him their fees. Not the same protection racket from the Linux crowd so I'm sure he's pleased to take any swipe he can.

Very good point. And if the ISS was running Windows for Spaceships and got infected, it wouldn't even be news.

I took that as either a lack of knowledge or bias. In the next few paragraphs they talk about Stuxnet which was a Windows worm. Linux is by no means perfectly secure. Nothing is. I would take the track record of Linux over Windows any day.

The difference between Linux and Windows is, it takes a hacker to break into Linux. Any snot-nosed script kiddie can do Windows. The one thing I got from TFA is, the space station was never configured for security. It seems to be ASSumed that anyone arriving onboard is cleared to use the computers, and there is nothing to defend against. Oh well - no system can be secure when idiots run them!

My question instead is "What Linux system automounts USB drives without the noexec flag", or "how on hell did whatever program get executed by the onboard systems". Did the malware reside on some personal device and exploit some remote weakness on the systems which I guess give network access to get the much needed email and lolcat pic of the day?

Wasn't there a privilege escalation bug in the USB filesystem code in the Linux kernel a few years ago? If it's in space now, it's probably running a 5-10 year old kernel at best, with that vulnerability still there.

I'm sure. And that is just passive attacks based on the filesystem data itself. Now imagine if the flash drive contained active circuitry that could send arbitrary data over the USB bus. That means you could target any driver available to the kernel which contained an exploit.

Yes, but all of these vulnerabilities should be patched in later revisions or used by a zero-day, which can happen to any OS. The article seemed (to me at least) hinting at a linux-specific way of doing things wrong.

Or the fact that only a complete moron would have the C&C computers on the same network as user computers. And what idiot is trying to edit his files on the C&C systems?

Viruses can't magically jump a real airgap, no they can't no matter what some recent fiction passed off as real wants it to exist. So all of this is wild speculation on the part of a guy trying to scare people into buying his products.

mounting/noexec can help protect dumb users from themselves but won't help against a virus, since nothing as stupid as Autorun exists in Linux (I'm sure Canonical will take that as a challenge). Once the virus is running its unauthorized code somehow (on Linux the only attacks are basically against graphical file browsers), /noexec is barely a speedbump.
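The noexec question raised in the comments above can be checked directly on a Linux host. The following is an added example, not part of the original thread: it reads mount-table text in `/proc/mounts` format and reports removable-media mounts that lack `noexec`, `nosuid` or `nodev`. Treating `/media`, `/run/media` and `/mnt` as the removable-media locations is an assumption, and the sample mount table is constructed.

```shell
#!/bin/sh
# Added example: audit mount options on removable-media mount points.
# Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# Constructed sample mount table (not from any real system).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /media/crew/USB1 vfat rw,nosuid,nodev,relatime 0 0
/dev/sdc1 /run/media/crew/USB2 vfat rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdd1 /mnt/stick exfat rw,relatime 0 0'

# Reads a mount table on stdin and prints "<mountpoint> missing=<options>"
# for every removable-media mount lacking noexec, nosuid or nodev.
audit_removable_mounts() {
    while read -r dev mnt fstype opts _rest; do
        case "$mnt" in
            # Assumption: removable media is mounted under these prefixes.
            /media/*|/run/media/*|/mnt/*) ;;
            *) continue ;;
        esac
        missing=""
        for want in noexec nosuid nodev; do
            # Wrap the option list in commas so "nodev" never matches
            # inside a longer option name.
            case ",$opts," in
                *",$want,"*) ;;
                *) missing="${missing:+$missing,}$want" ;;
            esac
        done
        if [ -n "$missing" ]; then
            printf '%s missing=%s\n' "$mnt" "$missing"
        fi
    done
    return 0
}

# Run against the constructed sample; on a live host use:
#   audit_removable_mounts < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_removable_mounts
```

A clean report only covers the mount options: as the comment above says, noexec does not stop code that is already running, and it does nothing about flaws in kernel USB or filesystem drivers.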

Don't bother, it's garbage. Linux has nothing to do with it, it isn't affecting C&C (NASA says it's simply a nuisance) and TFA got every single thing wrong. It's a worm, not a virus. They don't know how it got there, there are both Linux and Windows laptops up there and NASA says they have to check all the Windows (not Linux since it's a Windows worm) laptops for it.

From now on I'm checking closer before voting stories up. Any story posted by DavidGilbert99 gets downvoted by me. David Gilbert, article author and submitter, is a troll. ibTimes should fire him, that article is pure unadulterated bullshit, see here. [space.com]

Yes, WTF is that all about? Sounds to me like a MS wedge of money went to the reporter to sneak that in [quote below]

The reason is that the space station uses computer-controlled SCADA systems in order to manage various physical components of the satellite. As these systems are based on Linux, they are open to infection.

TFA was bad, I read it. I wish I'd read it before I voted in the firehose :(

Sorry, guys. That one line "As these systems are based on Linux, they are open to infection" discredits the author and the rest of the article. Since Windows viruses like the Stuxnet virus they say infected the station, Linux has nothing to do with it.

According to a NASA planning document obtained by SPACE.com, the virus was identified as W32.Gammima.AG. The California-based retail anti-virus software manufacturer Symantec describes it as a Windows-based worm which spreads by copying itself onto removable media.

It has nothing to do with Linux, TFA is either a troll or an MS shill. The submitter should be ashamed of himself for submitting such a piss-poor article (and I'm ashamed I voted before reading). TFA linked in the summary is garbage. It didn't even get the damned virus right. There are far better accounts, including the one I linked above.

Kaspersky is not just a self-promoter, he is a scam artist: he is selling a closed source "security" solution for an operating system which is pre-rooted by its manufacturer. Everything that comes out of his mouth is meant to increase FUD about the actual security solutions, which are based on free and open source software, and so provide security for the user, as opposed to the software producer.

That article is the worst piece of shit on the internet, everything except the fact that the ISS was infected contradicts what space.com and everyone else says, including that Linux bullshit. The entire article was made up, including SCADA being infected and that the Russians brought it up there. It infected Windows laptops, not the SCADA, it's a minor nuisance and it isn't the first time [wired.com] there were viruses on the ISS.

Don't believe everything you read, kids. Check different sources. Gilbert's story is ficti

there are two problems with this http://en.wikipedia.org/wiki/Stuxnet [wikipedia.org] according to wikipedia stuxnet was to be self deleting in 2012 but is mentioned in TFA, and stuxnet doesn't affect linux systems at all. also the space station only uses linux for their laptops. so TFA is very poorly written and with no fact checking. scada is not based on linux either it is windows based so tfa is way off base. http://en.wikipedia.org/wiki/SCADA [wikipedia.org]

Uh, what? SCADA (supervisory control and data acquisition) is a type of system, not a particular software package that's specific to an OS. Saying that "scada is not based on linux" [sic] makes about as much sense as saying that word processors are not based on Linux, since in both cases we're talking about a class of programs, rather than a specific one. Just because the SCADA systems that Stuxnet attacked were on Windows does not by any means suggest that there are not Linux SCADA systems out there, becau

The worm consists of a layered attack against three different systems:
The Windows operating system,
Siemens PCS 7, WinCC and STEP7 industrial software applications that run on Windows and
One or more Siemens S7 PLCs.

Perhaps ISS is running Wine, or there was an error in translation? Not saying Linux is impenetrable, just pointing out the facts (at least as I know them).

The article was fiction, made up out of whole cloth. I googled, and what David Gilbert says contradicts Wired and Space.com on every detail. It not only isn't stuxnet, it isn't a virus; it's the W32.Gammima.AG worm, a worm that steals credentials for online games. It isn't the ISS's first infection and it's only a nuisance.

This story is factually incorrect and refers to an incident a number of years ago.

It isn't "factually incorrect," it's fiction. The only thing they got right was the fact that there was an infection (a Windows worm, not a Linux virus) and it wasn't the first time. A lot of laptops up there run Windows and that's what was infected.

The article's author, who submitted the fictitious story, is an anti-Linux troll who has submitted (spammed) a lot of articles to slashdot and made exactly three comments since he

The Lunar Lander was 100% virus proof. In fact run your software directly on the iron and you can make it virus proof, the OS is your attack vector. If you eliminate the OS then you don't have the problem. I don't see Arduinos getting viruses.

I use Kaspersky and while I like the product I don't necessarily like this comment:

The reason is that the space station uses computer-controlled SCADA systems in order to manage various physical components of the satellite. As these systems are based on Linux, they are open to infection.

So even on the ISS there's no concept of an air gap when it comes to SCADA systems? I realize there's monitoring and management required but there are tools and policies for dealing with that but shit, what is being alluded to is that the Russian Astronauts gerfinkerpoked around with a USB thumb drive and now we have an F*d up multi-billion dollar, multi-ton object in orbit possibly out of control? I think that's a disservice to Russian Astronauts (Cosmonauts) everywhere.

All systems can have vulnerabilities but if the systems onboard the ISS have been compromised by trojans, malware, viruses etc. I think the Linux community needs to be made aware of the vulnerabilities so that these issues can be addressed and code fixed. Not that ol Kaspersky here needs to make a but right, but if they're not inherently part of Linux and are just stupid admin pet tricks, then that needs to be brought to public attention so that the ISS partners can address their IT problem. Playing coy and providing anecdotal commentary on "infections" and "bad things happened at a Nuclear plant" only mean that there are still vulnerabilities and bad practices that need to be addressed. I mean it's not like we wouldn't have that happen here in the US, say on a major Website, right? [foxnews.com]

On the other hand Microsoft should be smiling right now since it was announced that the ISS was going all Linux just this year. [redorbit.com] Maybe it was because the Astronauts couldn't find the Start Menu?

I think the principle of isolation still applies. Not all devices on the ISS are equally critical. I'm sure the Astronauts watch TV and listen to music. The systems that handle that don't need to be able to talk to those that control the thrusters.

Well, even though NASA says they don't know how it got there and the FA's author and submitter is a lying sack of shit, TF fictitious A says it was Russians. Russians are aliens, aren't they? I mean, unless you live in Russia?

In 2008, a Russian cosmonaut brought a laptop aboard with the W32.Gammima.AG worm, which quickly spread to the other laptops on board. Switching to Linux will essentially immunize the ISS against future infections.

Stuxnet only became known to the public when an employee of the Natanz facility took an infected work laptop home and connected to the internet, with the malware quickly spreading around the globe infecting millions of PCs.

Stuxnet never spread via the internet. It spread via USB only and then only up to 3 infections before it removed itself from the USB stick.

Carefully reading TFA leads me to believe that Kaspersky never said that ISS got infected with stuxnet, or that he implied that this infection was a recent event. It could very well be that he is referring to the original infection in 2009 or so that led to the windows systems being replaced with linux. This still means that TFA is a load of bollocks and that the journalist writing it is bad at fact checking and biased as hell.

Yes, I contacted JSC PAO and they unequivocally said that there are no "virus epidemics" on the ISS. There is no current outbreak of anything, stuxnet or otherwise. Kaspersky's comments weren't about an ongoing event—rather, they are off-the-cuff unsourced remarks that could refer to any number of past incidents [theregister.co.uk].

First, the reporter that wrote this article obviously doesn't understand the difference between Linux and Windows. Stuxnet is decidedly a *windows* issue and is not going to be a problem for a Linux SCADA system.

Second, who in their right mind lets a rogue USB stick even onto the station, much less inserted, mounted and code executed from it? I don't care if it's Linux, windows or anything else, you simply do not allow unknown USB devices to get mounted without at least doing some kind of scan before you

The Russian said this example shows that not being connected to the internet does not prevent you from being infected.

As any G20 attendees receiving a malware infested Russian USB stick would attest.

For those of us alive before most had even heard of "Internet" viruses then had no problem running rampant through the world often by sneaker net, BBS or by private networks with no outside connectivity.

What is strange to me everything is so scripted astronauts often end up being more or less robots executing procedures from manuals or commanded to do so from ground.

First it spends a paragraph or two indicating that some unknown computer on ISS got a virus. That would probably be one of the Windows laptops used by the crew for personal email, general browsing, etc and NOT a mission critical part of the station itself. Those have gotten viruses before and probably will again. The mission critical systems never have.

Then they went into the weeds spending a short segment talking about an unnamed system at an unnamed nuclear plant getting infected with stuxnet. For all we know it was the solitaire and minesweeper PC in the break room. From there they talk about government development of stuxnet and blah blah blah nothing to do with ISS, and so on.